package com.codefish.codefish_blog.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * @author codefish
 * @version 1.0
 * @date 2022/03/22 下午 10:06
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //允许非用户自愿的get/post(ajax请求等),这里关闭了spring security对于抵御CSRF攻击的支持，存在安全漏洞
        http.csrf().disable();
        //配置不需要登录验证
        http.authorizeRequests().anyRequest()
                .permitAll().and().logout().permitAll();
    }

    /**
     * 注册密码加密类
     *
     * @return 密码加密bean
     */
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder(10);
    }
}
